Cloud Token Theft - XSOAR Version (#27808)

* new content * update RN * Added mapping for RelatedCampaign and RelatedAttackPatterns * Added mapping for RelatedCampaign and RelatedAttackPatterns * update RN * update RN * fixes to layout file * fixes to layout file * change field name * update docs and layout * fixes the incident field name * fixes the incident field name * pack readme update * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_Response.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixes * fixes * playbook fixes * playbook fixes * playbook fixes * update RN * validation check * format incident field Referenced Resource ID * format incident field Cloud Operation Type * update RN * fix fields * fix fields * fix fields * fix fields - added marketplaces * update RN * fix typo * fix typo and update RN * removed unused fields from the layout * removed unused fields from the layout --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
demisto · Jul 6, 2023 · 76c84ca · 76c84ca
1 parent 50da73a
commit 76c84ca
Show file tree

Hide file tree

Showing 33 changed files with 3,843 additions and 79 deletions.
diff --git a/Packs/CloudIncidentResponse/Layouts/layoutscontainer-CLOUD_Token_Theft.json b/Packs/CloudIncidentResponse/Layouts/layoutscontainer-CLOUD_Token_Theft.json
@@ -478,7 +478,7 @@
                         "minH": 1,
                         "moved": false,
                         "name": "Malicious or Suspicious Indicators",
-                        "query": "reputation:Benign OR reputation:Suspicious OR reputation:Malicious",
+                        "query": "reputation:Suspicious OR reputation:Malicious",
                         "queryType": "input",
                         "static": false,
                         "type": "indicators",
@@ -571,7 +571,7 @@
                         "minH": 1,
                         "moved": false,
                         "name": "Cloud Indicators",
-                        "query": "99900222-7570-4e56-8fa6-1206e76be060",
+                        "query": "displayCloudIndicators",
                         "queryType": "script",
                         "static": false,
                         "type": "dynamic",
@@ -1404,5 +1404,6 @@
     "system": false,
     "version": -1,
     "fromVersion": "6.8.0",
+    "marketplaces": ["marketplacev2"],
     "description": ""
 }
diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml
@@ -607,4 +607,5 @@ outputs:
 quiet: false
 tests:
 - No tests (auto formatted)
+marketplaces: ["marketplacev2"]
 fromversion: 6.8.0
diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response.yml
@@ -2065,4 +2065,5 @@ inputs:
 outputs: []
 tests:
 - No tests (auto formatted)
+marketplaces: ["marketplacev2"]
 fromversion: 6.8.0